New Drupal Exploit Mines Monero for Attackers
LinuxSecurity.com: A newly discovered vulnerability in Drupal has been exploited to turn infected systems into Monero mining …
Browsing: Vulnerability
Trump administration picks new leader for Vulnerabilities Equities Process board
Grant Schneider has been named chair of the Vulnerability Equities Process (VEP) board, a National Security Council spokesperson told …
Four New Vulnerabilities in Phoenix Contact Industrial Switches
Phoenix Contact has disclosed four vulnerabilities in switches in the FL SWITCH industrial line. The affected devices are typically used in …
Microsoft Office: The Go-To Platform for Zero-Day Exploits
Email is a common means of delivering cyberattacks, and Microsoft Office documents are commonly attached to malicious emails. More threat …
Why you may want to update your browser in the next 9 days
It’s time for early Transport Layer Security (TLS) versions to die, die, die… which means that it’s time for all of us, if we …
Cisco plugs critical flaws in many switches, security appliances
Cisco has released security updates to address a bucketload of vulnerabilities affecting multiple products, including 24 critical and …
Smashing Security #083: Fake email derails clarinetist’s dream
Hell hath no fury like a jealous clarinetist’s girlfriend! Your Google ChromeCast could be letting stalkers find out where you …
Rex Mundi hacking extortion gang busted by Europol
There’s so much bad news about computer security that we sometimes forget to applaud when something good happens. Let’s change that …
Researchers claim Chrome bug bounty paid to the wrong people
It might look straightforward from the outside, but the responsible disclosure of security flaws is always a delicate process prone to …
New Zip Slip Vulnerability Hits Java Apps
Israel-based Synk Security has reported a new critical vulnerability with the name Zip Slip. It is an arbitrary file overwrite …
Vulnerabilities in these IoT cameras could give attackers full control, warn researchers
Vulnerabilities in almost 400 models of internet connected video camera by one manufacturer could allow attackers to take remote control of …
Firefox fixes critical buffer overflow
Earlier this month Mozilla announced a security advisory (MFSA2018-14) for its Firefox browser, noting that version 60.0.2 of both Firefox …
Apple code signing flaw could have made Mac malware look legit
For years it was possible to make malicious code designed to run on OSX and macOS computers fool security tools into thinking it had been …
The “world’s worst” smart padlock – it’s EVEN WORSE than we thought
Remember last week’s ROTFL story about the $99 digital padlock that could be opened in just two seconds without an angle grinder or a …
Lazy FPU Vulnerability Now Patched for Red Hat Enterprise Linux 7, CentOS 7 PCs
Earlier this week, Red Hat informed Softpedia about a moderate security vulnerability publicly disclosed on June 14, 2018, known as …
More Mitigations for (potential) CPU Vulnerabilities
There have been more developments in the continuing work mitigating against (Intel®, and potentially other) CPU vulnerabilities… Philip …
Unintended Clipboard Paste Function in Windows 10 Leads to Information Leak in RS1
The McAfee Labs Advanced Threat Research team has been investigating the Windows 10 platform. We have submitted several vulnerabilities …
Intel Discloses Yet Another Side Channel Vulnerability
Intel has disclosed another speculative execution side-channel vulnerability affecting many of its modern microprocessors that gives …
Microsoft Explains Why It Won’t Rush To Fix Every Reported Windows Security Exploit
Not every problem has an immediate solution. Microsoft recently explained how it prioritizes resolving …
With new platform release, Sysdig looks to make containerized apps more secure
For a high-level view of exactly how much security risk exists in an environment, administrators can turn to the expanded analytics console …
New ‘Lazy FP State Restore’ Vulnerability Found in All Modern Intel CPUs
Hell Yeah! Another security vulnerability has been discovered in Intel chips that affects the processor’s speculative execution …
Intel FPU Speculation Vulnerability Confirmed
Earlier this month, Philip Guenther (guenther@) committed (to amd64 -current) a change from lazy to semi-eager FPU switching to mitigate …
Lazy FPU X86 Flaw Hits Intel Processors With Yet Another Major Vulnerability
A newly discovered security vulnerability in modern Intel X86 processors has been revealed that affects the processor’s speculative …
Red Hat Responds to New Speculative Execution Vulnerability, Patches Coming Soon
A few minutes ago, Red Hat has provided Softpedia with several resources and an official statement around the impact of a new publicly …
Cortana Software Could Help Anyone Unlock Your Windows 10 Computer
Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers …
Serious Security: How three minor bugs make one major exploit
Unfortunately, cybersecurity still seems to sit way down in Nth place for many vendors when they start programming their latest and greatest Internet of Things (IoT) devices. …
VMware Released Security Updates for Critical Remote Code Execution Vulnerability
VMware security updates published for its AirWatch Agent that affected by critical remote code execution vulnerability. VMware is a …
Exploit kits: Spring 2018 review
Since our last report on exploit kits, there have been some new developments with the wider adoption of the February Flash zero-day, as …
Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140)
June’s “Patch Tuesday” (June 12) is here, but it is likely many Windows 10 users have not yet applied these updates. If you have not, …
Bootloader vulnerability in OnePlus 6 lets an attacker take control of the device
An IT security researcher has discovered a critical vulnerability in OnePlus 6 smartphones which if exploited can allow an attacker to …